Flaw found in McAfee suite

A flaw in McAfee Internet Security Suite 2005 could let employees sharing the same computer break into one another's files, according to security consultant iDefense.

The vulnerability, which exists in the default settings applied during installation, gives anyone the same access rights on a PC as an IT administrator. That, in effect, would let someone remove any restricted access specified on a PC, according to a report released by iDefense on Monday. It could also let an employee install software prohibited by his employer.

An employee who shares a computer with co-workers, for example, could then access colleagues' files or install programs such as peer-to-peer software on the machine.

Home users are unlikely to be affected by this flaw because they generally do not assign user restrictions on their PCs, said Michael Sutton, iDefense Labs director.

"This is not a high-risk vulnerability," Sutton said. "High-risk vulnerabilities are the ones where you can gain remote access of the PC. Here, you would have to get into the company's building and gain access to the computer."

McAfee was not immediately available for comment.

According to iDefense, McAfee is distributing a patch for Internet Security Suite 2005 to all registered users who have their settings on automatic updates. McAfee's suite offers virus protection, a firewall and privacy controls.

Why...

Why on earth would a company be using McAfee Internet Suite (vastly inferior to the corporate products)? Isn't it a retail consumer-only product?